Vulnerability Details : CVE-2007-5971
Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.
Vulnerability category: Memory Corruption
Products affected by CVE-2007-5971
- cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-5971
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 32 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-5971
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
CWE ids for CVE-2007-5971
-
Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2007-5971
-
Red Hat 2007-12-14Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5971 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. See http://marc.info/?m=119743235325151
References for CVE-2007-5971
-
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html
[SECURITY] Fedora 7 Update: krb5-1.6.1-9.fc7
-
http://seclists.org/fulldisclosure/2007/Dec/0321.html
Full Disclosure: Venustech reports of MIT krb5 vulns [CVE-2007-5894 CVE-2007-5901 CVE-2007-5902 CVE-2007-5971 CVE-2007-5972]
-
http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
-
http://www.securityfocus.com/bid/26750
Patch
-
http://www.ubuntu.com/usn/USN-940-1
USN-940-1: Kerberos vulnerabilities | Ubuntu security notices
-
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:069
Advisories | Mandriva
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10296
404 Not Found
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:070
Advisories | Mandriva
-
https://issues.rpath.com/browse/RPL-2012
-
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
-
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html
[SECURITY] Fedora 8 Update: krb5-1.6.2-14.fc8
-
http://security.gentoo.org/glsa/glsa-200803-31.xml
MIT Kerberos 5: Multiple vulnerabilities (GLSA 200803-31) — Gentoo security
-
http://wiki.rpath.com/Advisories:rPSA-2008-0112
-
http://seclists.org/fulldisclosure/2007/Dec/0176.html
Full Disclosure: MIT Kerberos 5: Multiple vulnerabilities
-
http://www.securityfocus.com/archive/1/489883/100/0/threaded
-
http://docs.info.apple.com/article.html?artnum=307562
-
http://www.redhat.com/support/errata/RHSA-2008-0180.html
Support
-
http://ubuntu.com/usn/usn-924-1
USN-924-1: Kerberos vulnerabilities | Ubuntu security notices
-
http://www.redhat.com/support/errata/RHSA-2008-0164.html
Support
-
http://www.vupen.com/english/advisories/2010/1192
Webmail | OVH- OVH
-
http://bugs.gentoo.org/show_bug.cgi?id=199212
199212 – mit-krb5 lib vulnerability
-
http://www.vupen.com/english/advisories/2008/0924/references
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
Jump to